View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2020-9488 severity low: SUSE including 24 source package names (log4j, log4j-2.13.2-1.9, …), 83 product×package rows across 44 product lines (SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 12 SP4, … (44 product lines)): Known Not Affected 63, Fixed 20.
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1